Cyber Solidarity in the Making: Is the EU Stepping into NATO’s Blind Spot?

Alliances, solidarity, and mutual assistance in security and defence are as old as warfare itself. So, when cyberspace emerged as a new battleground in the early 2000s, it came with a classic question: how should Allies respond when one of them is under digital siege?

Alliances, solidarity, and mutual assistance in security and defence are as old as warfare itself. So, when cyberspace emerged as a new battleground in the early 2000s, it came with a classic question: how should Allies respond when one of them is under digital siege?

The 2007 state-sponsored attacks on Estonia brought cyber defence to the North Atlantic Council’s table. Since then, at least in cyber issues, NATO has wrestled with a central dilemma: can a cyberattack trigger Article 5, i.e., a collective response? While NATO hesitated, the EU pursued a regulatory path on its own, building a comprehensive legal and strategic framework for cybersecurity.

The newly adopted EU Cyber Solidarity Act (CSoA) signals what could become a paradigm shift in its cybersecurity posture—from regulatory to operational. The Act hints at something the continentally-minded European cyberdefenders have long been missing: a coordinated, high-readiness response capacity. Could this be the EU’s first real blueprint for collective cyber defence—and a bold step toward filling NATO’s long-standing gap?

Moving forward, this analysis offers recommendations for strengthening cyber solidarity in Europe:

• Operationalise the Cyber Solidarity Act.
• Strengthen EU–NATO coordination.
• Extend solidarity beyond EU borders by building upon instruments like the Digital Europe Programme, the Tallinn Mechanism, and IT Coalition for Ukraine.
• Make the CSoA a landmark public–private partnership.
• Minimise bureaucratic barriers.
• Leverage existing networks and exercises.